Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement trusted publishing & automated-ish wheels publishing #224

Open
masklinn opened this issue Oct 7, 2024 · 1 comment
Open

Implement trusted publishing & automated-ish wheels publishing #224

masklinn opened this issue Oct 7, 2024 · 1 comment

Comments

@masklinn
Copy link
Contributor

masklinn commented Oct 7, 2024
edited
Loading

problem: need owner rights to ua-parser on pypi (currently only have maintainer @selwin you gave me maintainer rights on the project back then, is there a chance it could get upgraded to owner?)
@masklinn
Copy link
Contributor Author

Also used trusted publishing in #232 and was able to test it on https://test.pypi.org/project/ua-parser-builtins/#history

Worked flawlessly, so definitely a very strong incentive to enable it here as well.

@masklinn masklinn modified the milestone: 1.0 Nov 23, 2024
@masklinn masklinn mentioned this issue Nov 23, 2024
Closed
12 tasks
masklinn added a commit to masklinn/uap-python that referenced this issue Dec 22, 2024
@masklinn
Add zizmor to CI
b37937f 
- Can't switch release actions to trusted publishing, see ua-parser#224.
- Remove git credentials persistence everywhere.
- Fix "unsafe" template expansion in release-builtins. It should not
  be accessible to any untrusted third party as it's only on
  `workflow_dispatch` and `schedule`, but it can't hurt.

Fixes ua-parser#249
masklinn added a commit that referenced this issue Dec 22, 2024
@masklinn
Add zizmor to CI
9f170aa 
- Can't switch release actions to trusted publishing, see #224.
- Remove git credentials persistence everywhere.
- Fix "unsafe" template expansion in release-builtins. It should not
  be accessible to any untrusted third party as it's only on
  `workflow_dispatch` and `schedule`, but it can't hurt.

Fixes #249
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@masklinn